TSPY_ZBOT.LAG
Threat Scorecard
Metric | Value
---|---
Ranking | 7,271
Threat Level | 50 % (Medium)
Infected Computers | 949
First Seen | October 17, 2012
Last Seen | September 9, 2023
OS(es) Affected | Windows
The infamous Zeus Trojan is one of the most widely distributed malware infections in existence, and the TSPY_ZBOT.LAG Trojan is another variant of this dangerous banking Trojan. These kinds of malware infections are typically distributed through social engineering scams that use fake email messages with malicious attachments, or through instant messaging spam. The TSPY_ZBOT.LAG variant in particular is distributed in spam email messages that spoof the addresses and content of email messages from PayPal or from WebEx. Computer users who open these malicious email messages are directed to a fake version of the Adobe Flash website, where a malicious file named update_flash_player.exe is downloaded onto the victim's computer. This fake Adobe Flash Player has been found in various other malware attacks earlier this year. In the campaign that distributes TSPY_ZBOT.LAG, this malicious file is detected as TSPY_FAREIT.SMC.
Criminals have managed to create a fake version of the Adobe Flash website that mimics components of the real site, including a drop-down menu that is quite difficult to recreate. The malicious email messages used to carry out this social engineering attack typically contain an HTM file attachment, which leads computer users to the fake Adobe Flash website. The messages claim that the attachment contains information about a WebEx conference or about a recent PayPal transaction.
How TSPY_ZBOT.LAG is Used to Attack Computer Users
TSPY_ZBOT.LAG and the many variants of the Zeus Trojan (also called the Zbot Trojan) are mainly used to steal private information. Criminals typically use TSPY_ZBOT.LAG to steal online banking information and personal data such as credit card details, online email passwords, and website and FTP login information. TSPY_ZBOT.LAG and its variants hide on the victim's computer, running in the background and consuming few system resources. TSPY_ZBOT.LAG can remain undetected for long periods of time, so the victim may not realize it is present before it has stolen important information from the infected computer. Because TSPY_ZBOT.LAG can endanger your bank account and online accounts, this malware threat should be removed promptly with a reliable anti-malware program. If you believe that you have had contact with TSPY_ZBOT.LAG, ESG malware analysts advise immediate action to prevent the loss of your money and of valuable, confidential information.
File System Details
# | File Name
---|---
1. | %User Profile%\Application Data\{RANDOM CHARACTERS1}\{RANDOM CHARACTERS}.exe
2. | %User Profile%\Application Data\{RANDOM CHARACTERS2}\{RANDOM CHARACTERS}.{RANDOM CHARACTERS}
3. | %User Profile%\Application Data\Microsoft\Address Book\{username}.wab
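
As an added example (not EnigmaSoft's or SpyHunter's code), the following Python triages a file listing against the three path layouts in the table above and reports only profiles that hold a row-1 style executable, because rows 2 and 3 on their own also match ordinary software and the Windows Address Book. The `AppData\Roaming` alias, the function names and the sample paths are assumptions constructed for illustration, and a hit is a lead to investigate rather than a verdict, since legitimate programs also place executables under this directory.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# "Application Data" is the directory named on the page; "AppData\Roaming" is
# its equivalent on Vista and later (assumption, not stated on the page).
ROOTS = (("application data",), ("appdata", "roaming"))

def split_profile(path):
    """Return (profile dir, user name, parts below Application Data) or None."""
    parts = PureWindowsPath(path).parts
    low = [p.lower() for p in parts]
    for root in ROOTS:
        n = len(root)
        for i in range(1, len(low) - n + 1):
            if tuple(low[i:i + n]) == root:
                return str(PureWindowsPath(*parts[:i])), low[i - 1], low[i + n:]
    return None

def triage(paths):
    """Return {profile: evidence} for profiles holding a row-1 style .exe."""
    seen = defaultdict(lambda: {"exe": set(), "data": set(), "wab": False})
    for path in paths:
        found = split_profile(path)
        if found is None:
            continue
        profile, user, rel = found
        if rel == ["microsoft", "address book", user + ".wab"]:
            seen[profile]["wab"] = True          # row 3: {username}.wab
        elif len(rel) == 2 and rel[0] != "microsoft":
            kind = "exe" if rel[1].endswith(".exe") else "data"
            seen[profile][kind].add(rel[0])      # rows 1 and 2: <folder>\<file>
    report = {}
    for profile, ev in seen.items():
        if ev["exe"]:  # rows 2 and 3 alone also match ordinary software
            report[profile] = {
                "exe_dirs": sorted(ev["exe"]),
                # row 2 sits in a different folder than the row-1 executable
                "sibling_data": bool(ev["data"] - ev["exe"]),
                "wab": ev["wab"],
            }
    return report

# Constructed file listing (not real telemetry).
SAMPLE = [
    r"C:\Documents and Settings\alice\Application Data\Uxqe\ywom.exe",
    r"C:\Documents and Settings\alice\Application Data\Okfa\ruhy.biu",
    r"C:\Documents and Settings\alice\Application Data\Microsoft\Address Book\alice.wab",
    r"C:\Documents and Settings\bob\Application Data\Microsoft\Address Book\bob.wab",
    r"C:\Documents and Settings\bob\Application Data\Vendor\settings.ini",
]
```

Calling `triage(SAMPLE)` reports only the `alice` profile; `bob` has an address book and a settings file but no executable one level below Application Data.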